KeePassXC: Convenience of single passwords file and security of having multiple protected databases possible?
-
[email protected]replied to [email protected] last edited by
So I'd like to split my passwords file into multiple "files", where the unimportant logins are permanently unlocked for convenience, while the more sensitive login credentials remain encrypted until I actually need them.
And how should that protect you against an attack that has compromised your system? If the system is compromised, then an additional lock does not hinder the attacker to wait until you open it.
-
[email protected]replied to [email protected] last edited by
I don't think KeePassXC will do exactly what you want to do.
Like, you'd want one database to have an Unimportant Passwords group and an Important Passwords group, with the Important Passwords group having an additional password. It doesn't seem to want to do that.
If I were you, I would leave KeePassXC locked until you need it for anything.
If you do decide to keep two KeePass database files, or hell even if you only keep one, I recommend using something like Syncthing to sync them across multiple devices.
-
[email protected]replied to [email protected] last edited by
Most methods for syncing a file also let you sync a whole directory of files (for example syncthing). You could have separate databases in different files within the same directory and sync that.
-
[email protected]replied to [email protected] last edited by
I'm using sftp in Keepass2Android to sync the file while I'm at home. When I'm not at home, it uses the local copy on the phone.
When the password file has changed on my home server and on the phone, Keepass2Android will ask if it should merge the databases. I'm not sure what Syncthing would do in that situation.
-
[email protected]replied to [email protected] last edited by
Syncthing has been discontinued for android. Or so I heard.
-
[email protected]replied to [email protected] last edited by
The official client has, but Syncthing-Fork is still being developed.
-
[email protected]replied to [email protected] last edited by
From the Play Store, it's available on F-Droid.
-
[email protected]replied to [email protected] last edited by
KeePassXC has an option for shared database.
https://keepassxc.org/docs/KeePassXC_UserGuide#_database_sharing_with_keeshare
-
[email protected]replied to [email protected] last edited by
The idea is that I'd recognize a compromised system. Not perfect, but good enough. I don't need to log into my bank account every day. But I will log into lemmy daily. So if a credential stealer + encrypter gets onto my system, I will most likely not have my sensitive passwords stolen. If the malware keeps a low profile, this won't help, but most malware won't.
-
[email protected]replied to [email protected] last edited by
The official Syncthing app is no longer on F-Droid either. Syncthing-Fork is and will continue to be supported.
-
[email protected]replied to [email protected] last edited by
I do the same thing but with nextcloud.
